MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff76c599e55cf1df34e0ccb7e3c30fa26402c11c3a561b3e33e9d0d3f3483beb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 12



SHA256 hash: ff76c599e55cf1df34e0ccb7e3c30fa26402c11c3a561b3e33e9d0d3f3483beb
SHA3-384 hash: ea9b1e6e6eecf87ba2a3f2c7631a3ef99bf9bfd00b2bea904ab51c95796587e62dba5b29ed23582f67ef52c9089a46b8
SHA1 hash: 7c54bf7fddba72cbae3dc48e7856837330f64c6d
MD5 hash: 41e9ca3b17e5bdb4a415a6fee59de5bc
humanhash: fanta-carpet-west-potato
File name: DocuSign.js
Signature: Formbook
File size: 1'145'165 bytes
First seen: 2026-01-30 09:47:16 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 768:6Lrtwmj2cbBhhDc5wNBVjFYvM1mdzmlIceCzbVxwzNtxdjT2:4
Threatray: 129 similar samples on MalwareBazaar
TLSH: T1CF356857E7B408DD4FA1DADCE46072E2C9048E9C749BC6ECDAA069F7F64904D2B18D32
Magika: javascript
Reporter: JAMESWT_WT
Tags: FormBook js MSI-STEGO26

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: IT
Vendor Threat Intelligence
No detections

Verdict: Malicious
Score: 99.1%
Tags: obfuscate xtreme virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm base64 base64 fingerprint obfuscated obfuscated overlay powershell repaired

Verdict: Malicious
File Type: js
First seen: 2026-01-29T04:03:00Z UTC
Last seen: 2026-02-01T07:11:00Z UTC
Hits: ~100
Detections: Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Gathering data

Threat name: Script-JS.Backdoor.FormBook
Status: Malicious
First seen: 2026-01-29 07:33:58 UTC
File Type: Binary
AV detection: 6 of 24 (25.00%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook execution rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Suspicious use of SetThreadContext
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Formbook payload
Formbook
Formbook family
Process spawned unexpected child process

Malware Config
Dropper Extraction: https://res.cloudinary.com/dxxyxpqxg/image/upload/v1769187753/optimized_MSI_nthgyz.jpg

Malware family: DnlibLoader
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
